Deployment Architecture

Send log in another index based on a tag

New Member


I am using docker and I send all containers logs using logspout into a TCP input on Splunk.
Before trying to use Splunk, I was using Graylog. It was possible to extract logs from an input to send it into a specific index, based on a tag.

This is what I am trying to do with Splunk : all logs from all my containers are send in only one input and in consequence into only one index.
Is there a way to apply the same thing that I was doing using Graylog, using the web GUI mostly?

The main goal is to aggregate all logs from one container only into one dedicated index.

Thanks for your help.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...